Tomahawk is a command line tool for testing network-based intrusion prevention systems (NIPS).

The concept is simple, you can download virus,attacks,exploit pcaps from many sources and save them on the Tomahawk machine. To test an IPS you need tree network interfaces: one for management, one to send traffic and one to receive. If the attack sent on the interface is received on the other interface the IPS didn’t filtered it.

I’ve used Tomahawk to do some demos to potential customers and it’s nice to see all the attacks logged and blocked live.